Hi
could not resist posting this because it's one small punch for FOSS and
one huge punch for humankind (the kind that use software at least)
* Start of article *
Microsoft Goof - One Small Snag in a Code-Licensing Quagmire
http://www.linuxinsider.com/story/Microsoft-Goof---One-Small-Snag-in-a-Code-Licensing-Quagmire-68665.html
Microsoft (Nasdaq: MSFT) will soon release the source code and
binaries for a Windows 7 tool that was recently found to contain code
licensed under the GNU General Public License.
The tool in question is the company's free Windows 7 USB/DVD Download
Tool, which enables consumers to create bootable USB drives or DVD
backup media from the electronic software edition of Windows 7 that
comes in an ISO format.
"Within Windows" blogger Rafael Rivera Jr. uncovered the GPL-licensed
code earlier this month.
'Wayyyyyyy Too Much Code'
"While poking through the UDF-related internals of the Windows 7
USB/DVD Download Tool, I had a weird feeling there was just
wayyyyyyyyy too much code in there for such a simple tool," Rivera
explained in a post on his site.
"A simple search of some method names and properties, gleaned from
Reflector's output, revealed the source code was obviously lifted from
the CodePlex-hosted (yikes) GPLv2-licensed ImageMaster project,"
Rivera added, noting that the author of the code had not been
contacted by Microsoft.
Two problems result, Rivera said. First, "Microsoft did not offer or
provide source code for their modifications to ImageMaster nor their
tool."
Second, "Microsoft glued in some of their own licensing terms," he
noted, "further restricting your rights to the software."
'It Was Not Intentional'
Microsoft pulled the tool from the Microsoft Store a few days later.
Then, last Friday, Peter Galli, the company's Open Source Community
Manager, confirmed the discovery and announced that Microsoft would be
releasing the source code and binaries for the tool under the terms of
the General Public License v2.
"After looking at the code in question, we are now able to confirm
this was indeed the case, although it was not intentional on our
part," Galli wrote.
The mistake was made by a third-party contractor, he explained --
noting, however, that "we share responsibility, as we did not catch it
as part of our code review process."
One GPL-Violating Company Per Day
Since the problem was uncovered, Microsoft has reviewed its other
offerings in the Microsoft Store, but "this was the only incident of
this sort we could find," Galli said.
The company is also "taking measures to apply what we have learned
from this experience for future code reviews we perform," he added.
Coincidentally, Bradley Kuhn, FLOSS community liaison and technical
director for the Software Freedom Law Center (SFLC), recently
published a blog post in which he asserted that he has been finding
one new GPL-violating company per day, on average, since August.
'It Will Spark Further Internal Regulation'
"Microsoft definitely takes third-party software licenses and usage
and distribution rights very seriously, but it's inevitable that a
situation like this can occur," Rob Sanfilippo, research vice
president with Directions on Microsoft, told LinuxInsider. "Code
reviews don't always catch something like this, but I'm sure it wasn't
intentional."
Since this recent discovery "has received a lot of attention and
required Microsoft to take down an important offering while the
problem was corrected," Sanfilippo added, "I think it will spark
further internal regulation and oversight to ensure this doesn't
happen again."
'A Growing Maturity'
The company's response, meanwhile -- particularly the swiftness of its
decision to open source the tool -- "does indicate a growing maturity
with respect to free and open source licenses," RedMonk analyst It
also simply reflects a certain pragmatism," he told LinuxInsider.
"Given that the code in question was a) not Microsoft-authored and b)
non-core, this was simply the most expedient mechanism for resolving
the issue."
Indeed, the fact that Microsoft said, "'OK, we made a mistake and now
we're going to license the code as open source under GPLv2' -- a
license they said a couple of years ago they wouldn't go near" -- is
evidence of a change for the better, commented 451 Group analyst Jay
Lyman.
"It makes sense to quickly admit mistakes and fix the problem without
years of court battle," he told LinuxInsider. "It's a good paradigm
for the industry."
'Part and Parcel of IT'
The case also indicates just how pervasive open source software has
become, Lyman added, going from something that was often viewed as
foreign to the enterprise to something that is now "part and parcel of
almost all enterprise IT," he said.
"If Microsoft and Windows 7 can't avoid the GPL, who can?" he asked.
In fact, it has become rare to find a piece of software that's
licensed under just one license, Lyman noted. As a result, problems
like this "happen more often than we know about."
'Under a Microscope'
Indeed, "respecting software licenses is a problem ... whether they're
open source or commercial in nature," O'Grady pointed out.
"This is why a) commercial institutions tend to prefer permissive
licenses, where their responsibilities are fewer; b) major software
distributors invariably have rigorous approval and governance
policies; and c) there are commercial tools to assist in determining
asset provenance," he explained.
Of course, the fact that this problem was uncovered at Microsoft, of
all places, is bound to raise more awareness than it would have had it
taken place at a smaller company.
After all, whether it's the FOSS community or the industry at large
doing the examining, Lyman concluded, "Microsoft will always be under
a microscope."
* end of article *
ram